On the floor of the U.S. Senate on Thursday, Senator Judd Gregg (R-NH) proposed that back doors should be placed in all encryption products as a matter of national security. In his proposal, the U.S. government would have access to the back door with a court order.

The Clipper chip developed by the National Security Agency in 1994 was supported with similar arguments. The government wanted to escrow a key allowing access with a court order, but there was fierce opposition and the initiative died. Senator Judd proposed getting international cooperation for worldwide access to encrypted data.

Many security experts believe that such measures could lead to a dangerous reliance on electronic intelligence as opposed to human intelligence gathering.

BOB'S OPINION
And here we thought the Clipper chip was dead. Our elected leaders continue to show their ignorance of computer technology and the resistance we all have to Big Brother's snooping no matter how noble the cause.

From the first encryption some 5,000 years ago in Babylon to the present, commercial enterprises and governments have used encryption and codes to convey sensitive information. At the same time, others have been working to penetrate the codes. The United States and England were very successful during World War II at breaking the Axis powers' codes and ciphers. We never asked our enemies then to give us the “back door” into the codes or to escrow the keys.

The only ones that would have their privacy violated would be the people who obeyed the law. You can rest assured that the terrorists would ignore all the restrictions placed on the law-abiding. The horrible events of last week are not an excuse to destroy our individual rights.

USER COMMENTS 29 comment(s)

And this from a NH Senator? (11:24am EST Mon Sep 17 2001)

Isn't his State's motto “Live FREE or DIE!” ?

Doesn't sound like we'd be living too free to me.

As my pappy always said, “Locks are for Honest People” Well, the same can be said for any law that limits or restricts freedoms: they are for honest people (i.e. law-abiders).

I don't think Usama bin Laden and his merry bunch would respect the Congress' request.

Just my $0.02 worth, - by myrkat

Of course (11:24am EST Mon Sep 17 2001) It's not like anybody else could figure out these codes, right? Only the US Government is smart right? All our enemies are Stupid!!

*I still advocate the removal of safety warnings such as “Do not use this electric appliance in the shower” to remove the weaker of our species from the Human Race* - by OLD

But wait, these laws don't pertain to the governments (or the criminals), so the only ones affected are the public.

Way to go Senator DUFUS!!!!! Now that's in-depth analysis of a problem….huh??

BTW: When is HE up for re-election????

:) - by The Watcher

A little logic (11:31am EST Mon Sep 17 2001) Umm I have just one simple question. Ok if we did have a back door to a 128-bit code. Once someone finds the back door through brute force they have an open door to everybody. At the same time computer power increases every day. And why wouldn't some other country use a truck load of cheap desktops put together in a “pseudo” supercomputer and just steal the back door giving them free rein over US citizens' and businesses' secrets? If any of you have read the book Crypto you know how hard it was just to get the NSA to give us the current level of security without their control. BTW if you haven't read it it's quite eye opening. Well that's my $0.02 what do you think? - by just a thought

Well let's see. . . (11:51am EST Mon Sep 17 2001) First you have to assume that no one else is going to figure out this “back door” and get into your files (heaven knows, you might be a legitimate business person rather than a terrorist!)

You also have to assume this “back door” can even be done.

Lastly, and most importantly, you have to trust the government not to abuse this power, either by obtrusive snooping or using it for criminal activity of their own. Considering the track record of our famous agencies in recent years, I wouldn't put anything past them. - by Ziwiwiwiwwiwiwiwiwi

What in the world (11:59am EST Mon Sep 17 2001) How can an open source project have this in there without everyone knowing the backdoor? Are they trying to kill open source? Why would a terrorist use an encryption program that has a backdoor? They could easily develop their own, or use the thousands that are currently available. How can I be sure the government isn't going to go invading privacy at whim? How easy is it going to be for crackers to get ahold of my private information?

Our people in Congress do not understand technology. They are emotion driven, they don't think logically. How did we get to this state? - by Shade

ignorance is bliss (12:14pm EST Mon Sep 17 2001) .. - by PRFunky

Recall Election Request (12:15pm EST Mon Sep 17 2001) It is imperative that Senator Gregg be recalled immediately, he is obviously too stupid to be a Senator. When the feds outlawed ownership of “assault rifles” did the criminals give them up? What makes him think that the criminals would give up PGP?

How does he plan to enforce this? Doesn't the fourth amendment basically make it impossible to enforce this concept?

Get rid of him and put a REAL republican in his place that truly believes in the Reagan Doctrine: “The government is not the solution, the government is the problem.” - by Onibroc

mmmmmmm (12:15pm EST Mon Sep 17 2001) normally i am one of those just sitting there when something like this happens, but i think this time WE really need to do something about this, or else…….. how about this, people from everywhere start making some sort of things like Carlson does (see ) from the news it sounds like that they are just a small group, so i don't think the house will put too much attention on them…… so let's have some actions fellow geeks! (btw, spread news to slashdot, etc. to get more publicity)

pointless (1:23pm EST Mon Sep 17 2001) Putting back doors in US encryption software just means nobody will use it as there are alternatives without back doors… For instance, PGP - by Anonymous

BULLSHIT! (1:47pm EST Mon Sep 17 2001) This is just another example of the Nazis in Washington using terrorism (committed by someone else – after all, our self-appointed gods on Earth wouldn't dirty their hands doing anything themselves) to try to take away some more of our essential freedoms. These useless bastards are worse than the terrorists themselves.

As a result, in protest, I will be using PGP in super-military-grade (4096-bit keys) encryption mode to post random messages to unused newsgroups. Let the bastards try to decrypt my “Hi, Aunt Martha!” messages until Hell freezes over! - by Icesnake Frostfyre

Been done (2:29pm EST Mon Sep 17 2001) This goes back a few years… To reduce the need for multiple releases of Notes (64 bit North American and 40 Bit international), Lotus adopted a scheme by which the NSA held 24 bits of the 64 bit key for the International edition. It would have been nice, only two completely different versions to compile, except the French govt said no, we don't want our citizens running a weakened encryption scheme which is harder for us to crack than the NSA. Thus the International French English edition :)

This idea is stupid the second time around as well.

This current problem will not be solved electronically. - by DM

Question… (2:43pm EST Mon Sep 17 2001) …Why is PGP the most popular anyway? I thought I read a long time ago that it is easy to use, but weak, and that the government could easily break it if they wanted to.

Apparently I am mistaken, so could someone explain why PGP is so good?

Thanks!

-DOSMAN - by The DOS Machine

^-OOPS! (2:54pm EST Mon Sep 17 2001) I was thinking about the DES encryption algorithm that was used in older versions of PGP. Sorry!

A new question would be: How do DES, IDEA, and RSA compare?

Thanks!

-DOSMAN - by The DOS Machine

Bin Laden's computer use (3:30pm EST Mon Sep 17 2001) I believe it was said that Bin Laden uses Zip disks and sneaker net to get his messages out. So should there be a chip in every zip disk so it can be tracked by satellite… - by loser

CIA and FBI taking advantage (3:44pm EST Mon Sep 17 2001) The CIA and FBI are not stupid. They are going to play on people's fears to get government to make people provide backdoors to encryption.

PGP uses RSA and was recently proven to be uncrackable by the FBI. They tried to crack some bookkeeping data a mafia guy had encrypted using PGP and couldn't. So they recorded his keyboard input and got the key that way.

What's funny about this argument is the assumption that foreign countries are not smart enough to roll their own encryption software without a backdoor.

- by voice of reason

This is coming from a senator… (6:08pm EST Mon Sep 17 2001) …not an engineer. As many pointed out before me, the US needs stronger encryption for business purposes, not weaker encryption. A Backdoor to US encryption is a pirate's dream. We have a lot of info that we don't want to get into the hands of Osama bin Asshole as well as the Chinese, Russian, or Iraqi government. Within 2 months, some 19 year old with bad acne will break the scheme and we will all look really stupid.

Knee jerk reactions are a bad thing. We have to think our actions through very carefully before we act, especially now that we are at war. - by Steven

a FUD from one of the polyticks… (6:28pm EST Mon Sep 17 2001) this senator is just taking advantage of the current situation. all of these politicians have a degree in liberal “you want fries with that?” arts. - by lucifer

Question for Senator Gregg and others (8:00pm EST Mon Sep 17 2001) And exactly why would terrorists use any software with backdoors?

On another note, Bin Laden and gang have been known to use steganography (the method of hiding messages in plain view – such as modifying the LSB in a large BMP/WAV file). Steganography doesn't have backdoors in a cryptographic sense.

Finally, one has to ask if such a law had been in existence, could the FBI, CIA / NSA have prevented the WTC attack? I doubt it. - by Ruri

why don't they (11:15pm EST Mon Sep 17 2001) make a huge super computer for just cracking the codes. when 128 bit came out someone said it would take 1000 p2 300mhz machines 5 years to crack it if that is all they did. so let's build an ASCI White III and use that to crack the encryption. say 10,000 Itanium chips using a real 64 bit environment would chew through it. even Itanium critics recognized its brute power when used in highly scientific and super demanding apps. - by Nataku

RSA (12:05am EST Tue Sep 18 2001) Ummm…. just in thinking about a simple RSA encryption system (which even a lowly college sophomore knows up and down), isn't it less about a back door and more about the simple mathematics of it? If someone wants to keep something safe, they can. Yes, if you subscribe to an encryption system which does implement a backdoor system, then everything works, but otherwise, it's mathematically impossible. No? - by hollinj

Freedoms (1:27am EST Tue Sep 18 2001) i have already written my representative and senators and so on i would recommend you do the same

after all Benjamin Franklin said that those that are willing to sacrifice freedom for security deserve neither

not exact quote

something to think about - by JOker

What a buffoon (2:09am EST Tue Sep 18 2001) The genie is out of the bottle. I would never export encryption products without the sound advice of an attorney. I enjoy my freedom and do not savor the idea of an extended vacation in Leavenworth, Kansas. But I am sure the bad guys already have all the encryption tools I can get my hands on. You can't DL strong crypto like PGP or even the 128-bit version of IE from outside the US, but I'm sure the users on this board can think of a million ways to get it out of the country. Bill Clinton relaxed the crypto export rules because foreign countries already had strong encryption and it was seen as a disadvantage to US software companies and others that wished to conduct legitimate secure communications with foreign entities. Phil Zimmermann, the creator of PGP, wrote an excellent discussion on cryptography that used to come with PGP. It basically says that no crypto can secure your data 100%. Good crypto should be strong enough to force your adversary to employ another method of stealing your data. The perfect example is the FBI breaking into Eddie Scarfo Jr's house and planting a keylogger. The allies had Enigma machines in WWII. They were useless until we got lucky and snagged one from a U-boat that had that day's code still set. The point I am trying to make is that human intelligence is the only backdoor that will ever be effective against good crypto. In the coming campaign captured computer equipment is going to be extremely important to the intelligence community. A laptop with a few private keys could be a gold mine of information with the potential of identifying the entire organization. That is going to be the biggest challenge. Once we know who we are after they are dead meat. - by kuhndog

Stupidity (4:29am EST Tue Sep 18 2001) Oh, I love it when the senators show their true intelligence. Oh, ya that'll work. “We can trust the people not to try and crack our back door enabled encryption package. And to discourage any thoughts on it let's talk mean to them. They will thank us in the end. Yes, I know what I'm talking about. After all I took a one week course on using Windows and another week course on using the Internet” (fictitious quote stemming from my outraged mind!)

Encrypt a virus on them. The only way to do it is to be smarter than the other people. And if we are not smart enough then there is something wrong. They may be striving on the current FUD, but if they mess around the FUD may hit their thoughts of re-election. - by tom

Spanning (4:18pm EST Fri May 05 2006) Spanning an encrypted file and having the first part of the file only being 300k (separate from the rest of the spanned archive) can make it impossible to crack if the header aka first file is missing–